A new fake AMEX phishing attack uses tactics that lull users into a false sense of security - it creates a website that mirrors the real one – and it has an SSL certificate, says security company MailGuard.
The attack first start with a phishing email that states ‘suspicious activity’ has been detected on the victim’s credit card, and that corrective action must be taken.
To make it seem more convincing, the email says the card was recently used in Texas to purchase items. For security, the charges may be declined and the victim must click a link to ‘safeguard’ their account.
That link, MailGuard says, is a convincing American Express website that mirrors the real one, but the domain is different: onlinebanking-americanexpress.com.
It also has an SSL certificate, achieved by many criminals by using a free SSL certificate provider.
The certificates make the site seem secure, but all it means is that the information sent over the fake website is encrypted. Fooled users enter the details, which are then stolen, and are then taken to the real AMEX website.
MailGuard uncovered the email this week, and so far none of the 68 popular antivirus vendors were detecting the suspicious links.
MailGuard recommends users watch out for phishing scams by: